Vulnerability Statistics Report 2023

Press Release: Edgescan Releases 2023 Vulnerability Statistics Report Revealing 33% of Vulnerabilities Discovered in 2022 were High or Critical Severity

DUBLIN – MARCH 8, 2023 – Edgescan, the first fully integrated cybersecurity platform, announced today the release of its 2023 Vulnerability Statistics Report. The vulnerability data analyzed was collected from thousands of security assessments and penetration tests performed on millions of assets using the Edgescan Platform in 2022.

Register for the report by accessing the 2023 Edgescan Vulnerability Stats Report.

The eighth edition of the report provides a statistical model of the most common weaknesses faced by enterprises, to enable data-driven decisions for managing risks and exposures more effectively. The statistical models are split across layers of the technology stack: Web Application, API, and Device/Host. Additionally, the data distinguishes four tiers of business size based on employee count, and distinguishes internet-facing from internally facing assets.

“We are still not getting the basics right. In 2022 we’ve observed many very basic vulnerabilities, many of which are commonly leveraged by cybercrime. Continuous assessment, validation & prioritization will make a huge difference to any organization’s cybersecurity posture. All vulnerabilities are not created equal, and we must focus on what matters to protect our respective organizations and businesses,” said Eoin Keary, Founder and CEO of Edgescan.


The report provides insight into how quickly vulnerabilities are being fixed, broken down by risk. Unfortunately, known (i.e., patchable) exploitable vulnerability types are still being found at high rates, with working exploits in the wild being used by nation states and cyber-criminal groups against organizations that are slow to patch.

  • Non-internet-facing systems have a significant risk density, giving criminals an easy time once the network perimeter is breached
  • Mean Time to Remediation (MTTR) for Critical Severity vulnerabilities is 65 days
  • 33% of all vulnerabilities across the full stack discovered in 2022 were either High or Critical Severity
  • The most common application layer and API vulnerabilities are still Injection related
  • 13.5% of vulnerabilities in an enterprise’s backlog are either High or Critical Severity
  • 12% of all risk-accepted vulnerabilities in 2022 were considered (in isolation) Critical Severity

New in this report is the way Edgescan looks at prioritization and risk scores. Since Edgescan employs several risk prioritization scoring mechanisms, the report takes a deeper look at the most common risks faced by organizations and examines the correlation between the various risk scoring methodologies.

Methodology of Data Collection

All vulnerability data analyzed for the Edgescan Vulnerability Statistics Report was collected from thousands of security assessments and penetration tests performed on millions of assets; this growing collection of intelligence is stored in our data lake and is used for analytics-based validation across the solutions that comprise the Edgescan Platform. Vulnerability data was sourced from over 250 companies of various sizes, from Fortune 500 to medium and small businesses, across 30 industry verticals.

About Edgescan

Edgescan is the first fully integrated cybersecurity platform that unifies all required security solutions into a single combative platform. These solutions include pen testing as a service (PTaaS), vulnerability management, dynamic application security testing (DAST), external attack surface management (EASM), and API security testing. All vulnerability information gleaned from any assessment or test is added to a growing collection of intelligence that is stored in our data lake and shared among the solutions. The platform enables companies to view and map assets across their entire global attack surface and delivers validated vulnerability data, eliminating false positives. The platform reduces the complexity and overhead associated with tool proliferation, speeds up remediation, and cuts operational costs, while reducing the risk associated with digital transformation and cloud deployments.